CVE-2010-1239
published 2010-04-05CVE-2010-1239: Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2)…
PriorityP352critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.53%
93.7th percentile
Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | <= 3.2.0.0303 | — |
| foxitsoftware | foxit_reader | — | — |
| foxitsoftware | foxit_reader | — | — |
| foxitsoftware | foxit_reader | — | — |
| foxitsoftware | foxit_reader | — | — |
| foxitsoftware | foxit_reader | — | — |
| foxitsoftware | foxit_reader | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Foxit Reader up to 3.2.0.0303 code injection (VU#570177 / EDB-11987)
vuldb·2026-05-05·CVSS 9.3
CVE-2010-1239 [CRITICAL] Foxit Reader up to 3.2.0.0303 code injection (VU#570177 / EDB-11987)
A vulnerability was found in Foxit Reader up to 3.2.0.0303. It has been classified as critical. Affected by this issue is some unknown functionality. This manipulation causes code injection.
This vulnerability appears as CVE-2010-1239. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-54xc-2c9p-qfwj: Foxit Reader before 3
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2010-1239 [CRITICAL] CWE-94 GHSA-54xc-2c9p-qfwj: Foxit Reader before 3
Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.
No detection rules found.
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/http://www.f-secure.com/weblog/archives/00001923.htmlhttp://www.foxitsoftware.com/announcements/2010420408.htmlhttp://www.foxitsoftware.com/pdf/reader/security.htm#0401http://www.kb.cert.org/vuls/id/570177http://blog.didierstevens.com/2010/03/29/escape-from-pdf/http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/http://www.f-secure.com/weblog/archives/00001923.htmlhttp://www.foxitsoftware.com/announcements/2010420408.htmlhttp://www.foxitsoftware.com/pdf/reader/security.htm#0401http://www.kb.cert.org/vuls/id/570177
2010-04-05
Published